Master digital data creation device and digital data reproduction device

ABSTRACT

Data C generated by scrambling user-desired digital data P and a control word CW_(p) corresponding to the number of reproductions p are recorded on recording media. When creating a master, a user has already been charged for the number of reproductions p. A decryption block decrypts the control word CW_(p), which is read from the recording media, to CW₀. A de-scrambler uses the decryption control word CW₀ to decrypt the digital data P for output to a reproduction unit. After confirming the end of reproduction, the decryption block writes a control word CW_((p−1)) back to the recording media. The recording media may be reproduced p times with no need for communication between a reproduction device and an accounting manager.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a master digital data creation device and a digital data reproduction device, and more particularly to a master digital data creation device and a digital data reproduction device that prevent the illegal reproduction or copy of distributed digital data such as audio data and video data.

2. Description of the Related Art

Recently, more and more recording and reproduction devices and their media have become available for processing digital data. These devices and media give audio and video users many benefits such as high-speed, non-degraded recording and reliable reproduction. On the other hand, a problem has arisen that many non-degraded copies are produced quickly and sold with no permission from copyright holders. The prevention of illegal copy has become critical.

To prevent illegal copy, the SCMS (Serial Copy Management System) is used for conventional digital recording and reproduction devices such as a digital audio tape recorder (DAT) and a minidisk (MD). In the SCMS, copy permission status information is recorded in a particular area on a medium. That is, when the copy permission status information recorded on a copy source medium is “00”, the same copy permission status information “00” is recorded also on a copy destination medium to permit the user to create another copy from the copy destination medium (so called copy free).

When the copy permission status information recorded on a copy source medium is “10”, the copy permission status information is changed to “11” on a copy destination medium to inhibit the user from creating another copy from the copy destination medium (that is, copy is permitted only once). This system is established on the assumption that, upon detection of the copy permission status information of “11” on a medium, an SCMS-conforming device stops the copy operation.

Other conventional copy prevention methods include digital data encryption. This is accomplished by scrambling copy-protecting digital data with the use of a predetermined control word and, at the same time, by encrypting the control word with particular key data.

FIG. 1 shows the overview of an exemplary conventional copy protection method. In a mastering device 1 shown in the figure, a scrambler 2 scrambles digital data P, such as audio service (contents) data, using a control word P and outputs scrambled digital data C to a recording medium 4. At the same time, an encryption unit 3 encrypts the control word P using key data K and outputs a control word C to the recording medium 4.

In a reproduction device 5, a decryption unit 6 receives the control word C reproduced from the recording medium 4 and decrypts it to the control word P using the key data K. At the same time, in the reproduction device 5, a de-scrambler 7 receives the digital data C reproduced from the recording medium 4 and produces the digital data P using the control word P already produced by the decryption unit 6. Algorithms suitable for this processing include DES (Data Encryption Standard) and RSA (named after Ron Rivest, Adi Shamir, and Len Adleman). When data is copied from this recording medium 4 to another recording medium, only the digital data C is copied, without the control word C. When reproducing data from the copy destination medium, de-scrambling processing cannot be performed correctly and therefore the user cannot receive services (digital data P cannot be reproduced correctly). In this way, the copy operation is virtually prevented.

However, when the copy permission status information is rewritten in the SCMS, that is, when the information is altered, the following problem arises. For example, once the copy permission status information on the copy source medium, even if “10”, is rewritten to “00” either when it is copied to a copy destination medium or by a processor on a transmission line, data may be illegally copied thereafter.

In addition, with the conventional method for scrambling digital data, in which all copies are prevented, the user is not permitted to create even a personal backup copy against an accidental destruction of a recording medium. This is unreasonable because the merit of using digital data is impaired. What is important is not that the copy operation should be limited but that the copyright holder of digital contents should be paid for the service the user receives. This means that a copy management method other than that described above is required.

In the prior art, a method is disclosed which solves this problem by charging the user for the reproduction of digital contents, calculating the total of the usage amount, and distributing the charge among copyright holders (Japanese Patent Laid-Open Publication No. Hei 10-269289).

However, the conventional method and device, which return the digital contents usage status to a charge manager, require communication between the reproduction device and the charge manager and therefore make processing complex.

SUMMARY OF THE INVENTION

In view of the foregoing, it is an object of the present invention to provide a master digital data creation device and a digital data reproduction device capable of preventing illegal copies with no need for communication between a reproduction device and a charge manager.

To achieve the above object, there is provided a master digital data creation device comprising: an encryption block generating a first control word based on a specified allowable number of reproductions and applying a one-way function to the first control word a number of times corresponding to the allowable number of reproductions to generate a second control word; a scrambler receiving the second control word for scrambling desired first digital data using the second control word to produce second digital data; and an output block outputting the second digital data and the first control word to an external device.

According to the present invention, digital data, as well as the control word including information on the allowable number of reproductions, may be recorded on the recording media. Therefore, when reproducing the digital data, the number of times data may be reproduced may be limited to the allowable number of reproductions. This simplifies accounting management and, at the same time, allows accounting processing for digital data copyright holders to be completed by charging the user for a user-desired predetermined number of reproductions the first time digital data is recorded on the recording media, thus eliminating the need for communication with the accounting manager for each reproduction.

To achieve the above object, there is provided a digital data reproduction device comprising: an acceptor accepting recording media on which second digital data and a first control word CW_(k) are recorded, the first control word being generated based on a specified allowable number of reproductions, the second digital data being generated by scrambling desired first digital data using a second control word CW₀ generated by applying a one-way function to the first control word CW_(k) k times; a decryption block receiving the first control word CW_(k) and applying the one-way function to the first control word CW_(k) k times to produce the second control word CW₀; a de-scrambler receiving the second digital data and the second control word CW₀ and de-scrambling the second digital data using the second control word CW₀ to produce the first digital data; and a reproduction unit reproducing the first digital data generated by the de-scrambler, wherein, after the reproduction by the reproduction unit, the decryption block writes a third control word CW_((k−1)) back to the recording media, the third control word being generated by applying the one-way function to the first control word CW_(k) once, and wherein, if the first control word CW_(k) received from the recording media equals the second control word CW₀, the de-scrambling by the de-scrambler and the reproduction by the reproduction unit are inhibited.

According to the present invention, when reproducing data from the recording media on which digital data and the control word including information on the allowable number of reproductions are recorded, the allowable number of reproductions may be decremented for each reproduction. Therefore, by inhibiting reproduction when the allowable number of times has reached 0, the number of times data may be reproduced may be limited to the allowable number of reproductions that is initially set.

In a preferred embodiment of the present invention, when a desired number of reproductions, n, is received from some other reproduction device, the decryption block receives the first control word CW_(k) from the recording media and, if k ≧ n, applies the one-way function to the first control word CW_(k) (k−n) times to produce the third control word CW_(n) and applies the one-way function to the first control word CW_(k) n times to produce the fourth control word CW_((k−n)); if k<n, produces the first control word CW_(k) as the third control word CW_(n) and produces the second control word CW₀ as the fourth control word CW_((k−n)); and records the fourth control word CW_((k−n)) on the recording media for updating, further comprising: an output block outputting the second digital data recorded on the recording media, and the third control word CW_(n) obtained from the decryption block, to the other reproduction device.

In this embodiment, when the number of reproductions, n, is specified by some other reproduction device, the third control word CW_(n), as well as the second digital data, is output to the other reproduction device and, at the same time, the first control word CW_(k) is updated to CW_((k−n)). Therefore, a part of the limited number of reproductions, k, is distributed from a reproduction device as a copy source to another reproduction device as a copy destination, connected to the copy source, through the copy operation. This makes it possible for the number of reproductions to be managed independently when digital data is reproduced at the reproduction device as a copy source and at the other reproduction device as a copy destination connected to the copy source.

Therefore, the present invention allows digital data to be distributed without impairing the merits of digital processing such as high-speed, non-degraded recording and reliable reproduction and, at the same time, prevents illegal copy.

The nature, principle and utility of the invention will become more apparent from the following detailed description when read in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

In the accompanying drawings:

FIG. 1 is an overview of an example of a conventional copy prevention method.

FIGS. 2A and 2B are a block diagram showing a digital data reproduction device in an embodiment according to the present invention and a configuration diagram of main components, respectively.

FIG. 3 is a block diagram showing a master digital data creation device in the embodiment according to the present invention.

FIGS. 4A and 4B are a diagram depicting an example of the encryption block shown in FIG. 3 and the format of a control word, respectively.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

An embodiment according to the present invention will be described below with reference to the accompanying drawings.

FIG. 2A is a block diagram of an embodiment of a digital data reproduction device according to the present invention, and FIG. 2B is a diagram showing the configuration of the decryption block shown in FIG. 2A. Before describing the digital data reproduction device in this embodiment, the following describes how digital data that is the source of all copies (that is, master digital data) is created in an illegal-copy prevention system according to the present invention.

FIG. 3 is a block diagram of an embodiment of a master digital data creation device according to the present invention. In the description below, master digital data is simply referred to as a master. Referring to FIG. 3, a master creation device 20 comprises a scrambler 21 scrambling digital data that is supplied to the user, an encryption block 22 encrypting a control word, and a communication block 23 communicating with the user's reproduction device. The communication block 23 is connectable to a reproduction device 25 via a transmission medium 24.

Next, referring to FIG. 3, the master creation operation will be described. The master creation device 20 is installed, for example, in a store where video software and other software products are sold to the user. The user goes to the store and connects his or her own reproduction device 25 to the master creation device 20 via the transmission medium 24. The user specifies digital data corresponding to a desired service and the number of reproductions p. Although not shown in this figure, the user is charged for the number of reproductions p. Note that the charge also depends on the digital data type, contents and so on.

The number of reproductions p is sent to the encryption block 22 via the transmission medium 24 and the communication block 23 in the master creation device 20. Although not required as input to the encryption block 22, key data K is also input to the encryption block 22 to fully protect copyrights.

When the key data K is input to the encryption block 22, it is required that the same key data K be set also in the reproduction device 25. The key data K may be used as input to a one-way function within the encryption block 22. The encryption block 22 outputs control word CW_(p) that depends on the number of reproductions p and control word CW₀ that is input to the scrambler 21. The control word CW_(p) is sent to the reproduction device 25 via the communication block 23 and the transmission medium 24.

The scrambler 21 uses the control word CW₀ to scramble digital data P selected according to the user's desire. Encryption algorithms such as the DES may be used for scrambling. Digital data C, which is output from the scrambler 21 as a master, is sent to the reproduction device 25 via the communication block 23 and the transmission medium 24. The digital data C and the control word CW_(p) are recorded on the recording medium in the reproduction device 25. In this way, the user desired digital data P that is scrambled, as well as the control word CW_(p), is created in the user's reproduction device 25 to produce a recording medium that may be reproduced the number of reproductions p.

FIG. 4A is an outline block diagram of an example of the encryption block 22 described above. This encryption block 22 first generates a random value from a random value generator 221 to perform replacement. Because the number of reproductions is 3 in the example in FIG. 4A, a part of the random value is replaced with 3 according to the format of the control word CW shown in FIG. 4B. The result is output as the control word CW₃.

As shown in the format example in FIG. 4B, the control word CW is composed of a random value 27 of a one-way function f and a replacement value 28. The replacement value 28 indicates the number of times the one-way function f is to be applied until the control word CW₀ is obtained. This is the number of times the one-way function is to be applied until the control word CW₀ is obtained, which is used to indicate that the allowable number of reproductions has been exhausted in the master digital data reproduction device or that a control word necessary for digital data de-scrambling has been obtained.

The control word CW₃ described above is processed recursively by the one-way function f the number of reproductions. The one-way function f is defined as a function whose input is difficult to estimate from the output. The key data K, as well as the control word CW, is input to the one-way function f as necessary. The replacement operation is also performed for the output of the one-way function f in each stage and, when the part of the control word CW eventually becomes 0, the control word is output as CW₀. This control word CW₀ is used by the scrambler 21.

Next, returning to FIGS. 2A and 2B, an embodiment of the digital data reproduction device will be described. As shown in FIG. 2A, a reproduction device 10 is connected to another reproduction device 17 via a transmission medium 16. This reproduction device 10 corresponds to the reproduction device 25 shown in FIG. 3. The reproduction device 10 comprises recording media 11 a and 11 b, a decryption block 12, a de-scrambler 13, a reproduction unit 14, and a communication block 15. On the recording medium 11 a, the data C sent from the master creation device 20 described above and generated by scrambling the user desired digital data P is recorded. On the recording medium 11 b, the control word CW_(p) corresponding to the number of reproductions p is recorded.

The de-scrambler 13 uses the control word CW₀, sent from the decryption block 12, to de-scramble digital data from the recording medium 11 a to produce digital data P. The reproduction unit 14 reproduces the received digital data P. The communication block 15 is provided for communication between the reproduction device 10 and the other reproduction device 17 via the transmission medium 16.

As shown in the block diagram in FIG. 2B, the decryption block 12 comprises a CW_(K) register 121 in which the control word CW_(K) read from the recording medium 11 b is temporarily stored, a CW_(n) register 122 in which the control word to be output to the communication block 15 is temporarily stored, a CW₀ register 123 in which the control word CW₀ to be output to the de-scrambler 13 is temporarily stored, and a one-way function f replacement processor 124. The one-way function f replacement processor 124 receives the number of reproductions n from the reproduction device 17.

Next, the operation of the embodiment shown in FIGS. 2A and 2B will be described. The digital data C, such as audio service data scrambled by the master creation device 20 with the use of the control word CW₀, is input to the reproduction device 10 for recording on the recording medium 11 a. At the same time, the control word CW_(p) corresponding to the number of reproductions p is input to the reproduction device 10 for recording on the recording medium 11 b.

The control word CW_(p) recorded on the recording medium 11 b is read into the decryption block 12, where the control word CW_(p) is decrypted to the control word CW₀ using the same keyword K as that used by the master creation device 20. The control word CW₀, in conjunction with the digital data C read from the recording medium 11 a, is input to the de-scrambler 13. The de-scrambler 13 de-scrambles the received digital data C using the decryption control word CW₀ and outputs the de-scrambled digital data P to the reproduction unit 14.

The reproduction unit 14 decodes the encoded digital data P received from the de-scrambler 13 and outputs the decoded data to a device external to the reproduction device 10 for providing the service to users. After confirming that reproduction has been terminated, the decryption block 12 writes the control word CW_((p−1)) back to the recording medium 11 b.

Next, copying the digital data C from the recording medium 11 a to a recording medium on another reproduction device 17 will be described. In this case, the other reproduction device 17 first informs the reproduction device 10 of the desired number of reproductions, n, via the communication block 15. Assume that the control word currently recorded on the recording medium 11 b is CW_(K). The decryption block 12 reads this control word CW_(K) from the recording medium 11 b and recursively performs the one-way function and replacement for this control word to output the control word CW_(n).

The control word CW_(n) output from the decryption block 12, in conjunction with the digital data C read from the recording medium 11 a, is supplied, via the communication block 15 and the transmission medium 16, to the other reproduction device 17 for copying the data to its recording medium. After confirming that a copy is created successfully, the decryption block 12 updates the contents of the recording medium 11 b with the control word CW_(k)′ generated by recursively performing the one-way function and replacement for the control word CW_(k). Note that k′=k−n. That is, because a copy permitting n times of reproductions is made from the recording media 11 a and 11 b, from which data may be copied up to k times, to the other reproduction device 17, the remaining number of reproductions of the recording media 11 a and 11 b equals (k−n) times.

Next, processing performed by the decryption block 12 will be described in more detail. Assume that the control word recorded on the recording medium 11 b is CW₅ (K=5). That is, in the description below, it is assumed that digital data that may be reproduced up to five times will be copied once. In this case, the decryption block 12 reads the control word CW₅ from the recording medium 11 b and temporarily stores it in the CW_(K) register 121 in the decryption block 12.

Next, the processor 124 performs the one-way function f and replacement for the control word CW₅ in the CW_(K) register 121 once and stores the result in the CW_(K) register 121 to update its contents. The one-way function f and replacement processing are the same as those performed by the encryption block 22 shown in FIG. 4A. That is, the CW_(K) register 121 contains CW₄ at this time.

After that, the processor 124 performs the one-way function f and replacement repeatedly and, when the result becomes CW₀, stores this control word CW₀ in the CW₀ register 123. Finally, the contents of the CW_(K) register 121 are written back to the recording medium 11 b, and the contents of the CW₀ register 123 are output to the de-scrambler 13.

Next, the following describes how digital data is copied when the control word recorded on the recording medium 11 b is CW₅ (k=5), that is, when data may be reproduced up to five times, and the number of reproductions of 2 is specified (n=2). In this case, the decryption block 12 reads the control word CW₅ from the recording medium 11 b and temporarily stores it in the CW_(K) register 121 in the decryption block 12.

Then, the processor 124 performs the one-way function f and replacement for the control word CW₅, stored in the CW_(K) register 121, (k−n) times to produce the control word CW_(n) and stores it in the CW_(n) register 122. When n=2, the control word CW₂ is stored in the CW_(n) register 122.

In addition, the processor 124 performs the one-way function f and replacement for the control word CW₅, stored in the CW_(K) register 121, n times to produce the control word CW_((k−n)) and stores it in the CW_(K) register 121 to update its contents. When n=2, the control word CW₃ is stored in the CW_(K) register 121. That is, the remaining allowable number of reproductions is 3 (=5−2).

After that, the processor 124 performs the one-way function f and replacement repeatedly and, when the result becomes CW₀, stores this control word CW₀ in the CW₀ register 123. Finally, the control word CW₂ stored in the CW_(n) register 122 is output to the communication block 15 and then the contents (CW₃) of the CW_(K) register 121 are written back to the recording medium 11 b.

Next, the following describes how digital data is copied when the control word recorded on the recording medium 11 b is CW₅ (k=5), that is, when data may be reproduced up to five times, and the number of reproductions of 6 is specified (n=6). In this case, too, the decryption block 12 reads the control word CW₅ from the recording medium 11 b and temporarily stores it in the CW_(K) register 121 in the decryption block 12.

In this case, because k−n=5−6=−1 (≦0), the processor 124 does not perform processing for the control word CW₅, with the control word CW₅ remaining in the CW_(n) register 122.

In addition, because k−n=5−6=−1 (≦0), the processor 124 performs the one-way function f and replacement for the control word CW₅, stored in the CW_(K) register 121, the maximum number of times, namely, five times, to produce the control word CW₀ and stores it in the CW_(K) register 121 to update its contents. That is, the remaining allowable number of reproductions becomes 0. The control word CW₀ is stored in the CW₀ register 123.

Finally, the control word CW₅ stored in the CW_(n) register 122 is output to the communication block 15 and then the contents (CW₀) of the CW_(K) register 121 are written back to the recording medium 11 b. After that, when the recording media 11 a and 11 b are reproduced, the control word CW₀ is reproduced from the recording medium 11 b and therefore the decryption block 12 does not decode data and reproduction is not performed normally. As described above, even if the number of reproductions larger than the allowable number of reproductions is specified in this embodiment, only the allowable number of reproductions may be made and an attempt to create more copies than the allowable number of reproductions is prevented.
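
The control-word chain of the encryption block (FIG. 4A) and the decryption-block walk-throughs above (k=5 with n=2, then k=5 with n=6), as an added Python example that is not part of the original specification. HMAC-SHA256 keyed with K as the one-way function f, a 16-byte control word whose last byte is the replacement value, the XOR keystream standing in for the scrambler, and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

CW_LEN = 16                       # assumed layout: 15 random bytes + 1 count byte
KEY = b"constructed-key-data-K"   # key data K set in both devices (constructed)

def step(cw, key=KEY):
    """One stage of FIG. 4A: apply one-way function f, then replace the count."""
    k = cw[-1]
    if k == 0:
        raise ValueError("CW_0 reached: no reproductions left")
    digest = hmac.new(key, cw, hashlib.sha256).digest()   # f (assumed choice)
    return digest[:CW_LEN - 1] + bytes([k - 1])           # replacement value k-1

def advance(cw, times, key=KEY):
    """Apply step() `times` times, e.g. CW_k -> CW_(k-times)."""
    for _ in range(times):
        cw = step(cw, key)
    return cw

def scramble(data, cw0):
    """Stand-in for the scrambler/de-scrambler: XOR with a keystream from CW_0."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(cw0 + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def create_master(data, p):
    """Master creation device: returns scrambled data C and control word CW_p."""
    if not 0 < p < 256:
        raise ValueError("p must fit the one-byte count field")
    cw_p = os.urandom(CW_LEN - 1) + bytes([p])   # random value with count replaced
    return scramble(data, advance(cw_p, p)), cw_p

def reproduce(medium):
    """Reproduction device: play once, then write CW_(k-1) back to the medium."""
    cw_k = medium["cw"]
    k = cw_k[-1]
    if k == 0:
        return None                              # CW_0 on the medium: inhibited
    data = scramble(medium["c"], advance(cw_k, k))
    medium["cw"] = step(cw_k)                    # write-back after reproduction
    return data

def copy_to(medium, n):
    """Hand n reproductions to another device; the source keeps k-n (or 0)."""
    cw_k = medium["cw"]
    k = cw_k[-1]
    if k >= n:
        cw_n, remaining = advance(cw_k, k - n), advance(cw_k, n)
    else:                                        # request exceeds what is left
        cw_n, remaining = cw_k, advance(cw_k, k)
    medium["cw"] = remaining
    return {"c": medium["c"], "cw": cw_n}

def demo():
    """k=5 with n=2, then k=5 with n=6, as in the description above."""
    title = b"constructed sample audio frames " * 4
    c, cw5 = create_master(title, 5)
    src = {"c": c, "cw": cw5}
    dst = copy_to(src, 2)
    split = (src["cw"][-1], dst["cw"][-1])
    plays_src = sum(reproduce(src) == title for _ in range(5))
    plays_dst = sum(reproduce(dst) == title for _ in range(4))
    src2 = {"c": c, "cw": cw5}
    dst2 = copy_to(src2, 6)
    return split, plays_src, plays_dst, dst2["cw"] == cw5, reproduce(src2)

if __name__ == "__main__":
    print(demo())
```

Because CW_(n) and CW_((k−n)) lie on the same chain, both devices arrive at the same CW₀ and de-scramble the same data C, each within its own share of the count.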

It should be understood that many modifications and adaptations of the invention will become apparent to those skilled in the art and it is intended to encompass such obvious modifications and changes in the scope of the claims appended hereto.

1. A master digital data creation device for supplying second digital data obtained by scrambling first digital data to a digital data reproduction device having a recording medium, comprising: an encryption block generating a first control word for identifying an allowable number of reproductions specified by the digital data reproduction device and applying a one-way function to the first control word a number of times corresponding to the allowable number of reproductions to generate a second control word for scrambling the first digital data and representing a number of times said first digital data has been reproduced; a scrambler receiving the second control word and using the second control word to produce the second digital data; and an output block outputting the second digital data and the first control word to the digital data reproduction device.

2. A digital data reproduction device comprising: an acceptor accepting recording media on which first digital data and a first control word are recorded, said first control word being generated based on a specified allowable number k of reproductions and being an identifier of said allowable number k of reproductions, said first digital data having been generated by scrambling desired second digital data using a second control word having been generated by applying a one-way function to the first control word k times; a decryption block receiving the first control word and applying the one-way function to the first control word k times to produce the second control word; a de-scrambler receiving the first digital data and the second control word and de-scrambling the first digital data using the second control word to produce the second digital data; and a reproduction unit reproducing the second digital data generated by said de-scrambler, wherein, after every reproduction by said reproduction unit, said decryption block writes a third control word back to said recording media representing a remaining number of allowable reproductions of said second digital data, said third control word being generated by applying the one-way function to the first control word once, and wherein, if the first control word received from the recording media equals the second control word, the de-scrambling by said de-scrambler and the reproduction by said reproduction unit are inhibited.

3. The digital data reproduction device according to claim 2, wherein, when a desired number of reproductions, n, is received from some other reproduction device, said decryption block receives the first control word from the recording media and, if k≧n, applies the one-way function to the first control word (k−n) times to produce the third control word representing a remaining number of allowable reproductions of said second digital data and applies the one-way function to the first control word n times to produce the fourth control word representing a replacement identifier for said first control word for representing an allowable number of reproductions of said second digital data; and records the fourth control word on the recording media for updating, further comprising: an output block outputting the first digital data recorded on the recording media, and the third control word, obtained from the decryption block, to the other reproduction device.